From 27783f4c667262a7bbb6e962678ebaf0146e30d6 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Mon, 23 Nov 2015 13:38:59 +0100
Subject: [PATCH] multi-detect: consider vlan tracking

Refuse to use vlan selector if vlan tracking is disabled.
---
 src/detect-engine.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 585e3f7c9f..04aad76745 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2067,6 +2067,15 @@ void DetectEngineMultiTenantSetup(void)
 
             if (strcmp(handler, "vlan") == 0) {
                 master->tenant_selector = TENANT_SELECTOR_VLAN;
+
+                int vlanbool = 0;
+                if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
+                    SCLogError(SC_ERR_INVALID_VALUE, "vlan tracking is disabled, "
+                            "can't use multi-detect selector 'vlan'");
+                    SCMutexUnlock(&master->lock);
+                    goto error;
+                }
+
             } else if (strcmp(handler, "direct") == 0) {
                 master->tenant_selector = TENANT_SELECTOR_DIRECT;
             } else {